% !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex
%
%\pdfbookmark[0]{Appendix B Log Fields Description}{Appendix B Log Fields Description}
\chapter*{\hypertarget{link:Appendix B Log Fields Description}{Appendix B Log Fields Description}}
\addcontentsline{toc}{chapter}{Appendix B Log Fields Description}
\label{sec:appendix_c}

\notemark\textit{Columns marked with * are displayed by default when a user logs in to the system for the first time. Once the user changes the column configuration, 
the configuration is saved in the browser's local data. The next time the user logs in to the system from the same machine and the same browser, 
the columns that the user previously configured are displayed. Fields in bold are the log fields used when creating reports.}

%\pdfbookmark[1]{Log Type}{Log Type}
\section*{\hypertarget{link:Log Type}{Log Type}}
\addcontentsline{toc}{section}{Log Type}
\label{sec:appendix_c:logtype}

\begin{longtable}{p{0.31\textwidth}|p{0.63\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Log Type}}  & \textcolor{white}{Schema Type} \\\hline  
    Security Events &	All types \\\hline 
    Proxy Events &	Base, HTTP and DoH \\\hline 
    Session Records &	All types except Radius \\\hline 
    Radius Records &	Base and Radius \\\hline 
    VoIP Records &	Base, SIP and RTP \\ \hline
    GTP-C Records &	Base and GTP-C \\ \hline
\end{longtable}

\section*{\hypertarget{link:Dos Events}{Dos Events}}
\addcontentsline{toc}{section}{Dos Events}
\label{sec:appendix_c:dosevents}

\begin{longtable}{p{0.3\textwidth}|p{0.62\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline  
    Start Time &	The start time of the attack \\\hline
    End Time &	The end time of the attack\\\hline
    Log ID &	A log entry identifier incremented sequentially; each log has a unique number\\\hline
    Attack Type &	The type includes:
                    \begin{itemize}                
                    \item TCP SYN Flood,
                    \item UDP Flood,
                    \item ICMP Flood,
                    \item DNS Flood.
                    \end{itemize} \\\hline
    Severity &	Critical
                
    
                Severe
                
                
                Major
                
                
                Warning
                
                
                Minor\\\hline
    Conditions &	The conditions that trigger the event\\\hline
    Destination IP &	The destination IP address\\\hline
    Destination Country	 & The destination country name\\\hline
    Source IPs &	The source IP addresses\\\hline
    Source Countries &	The source country names\\\hline
    Sessions/s &	Session rate\\\hline
    Packets/s &	Packet rate\\\hline
    Bits/s &	Bit rate\\\hline
\end{longtable}
%\pdfbookmark[1]{Base}{Base}
\section*{\hypertarget{link:Base}{Base}}
\addcontentsline{toc}{section}{Base}
\label{sec:appendix_c:base}

\begin{longtable}{p{0.34\textwidth}|p{0.58\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline  
    \multicolumn{2}{l}{\textbf{General}} \\\hline 
    Receive Time * &	Time the log was received \\\hline
    Log ID * &	A log entry identifier is incremented sequentially; each log has a unique number \\\hline
    Session ID &	An internal numerical identifier applied to the session \\\hline
    Direction &	Indicates the client-to-server direction of the session: 
                Egress—Internal to External, or Ingress—External to Internal \\\hline
    Stream Direction &	Captured packet direction of the session, possible values are: c2s, s2c, double  \\\hline
    Start Time &	Time of session start  \\\hline
    End Time &	Time of session end \\\hline
    Duration(ms) &	The elapsed time of the session  \\\hline
    Establish Latency(ms) &	Time taken to establish the session  \\\hline
    Processing Time	& Processing time in the system  \\\hline
    Device ID &	Unique identifier of devices on which the session was logged  \\\hline
    Data Center &	Name of the data center on which the session was processed \\\hline
    Sled IP &	IP of the sled on which the session was processed  \\\hline
    \multicolumn{2}{l}{\textbf{Action}}  \\\hline
    Action &	Action taken for the session; possible values are:
                \begin{itemize}
                    \item Allow - session was allowed by policy. 
                    \item Deny - session was denied by policy.  
                    \item Monitor - session was allowed by policy and a log will be generated when matched.
                    \item Intercept - Intercept HTTP/HTTPS traffic for the proxy. If the traffic uses SSL/TLS, it will be decrypted.  
                    \item Redirect - The proxy redirects a matched HTTP session to a predefined URL. 
                    \item Replace - The proxy searches a given HTTP part for a given string and replaces any matches with another given string.     
                    \item Hijack - The proxy hijacks a file that is being downloaded. 
                    \item Insert - The proxy inserts a “js” or “css” script into webpages. 
                \end{itemize}
                \\\hline
    Sub Action * &	Sub Action taken for action; possible values are:


                    drop—session was dropped by deny action


                    block—session was blocked by deny action


                    alert—session was alerted by deny action


                    allow—session was allowed by intercept action


                    deny—session was denied by intercept action


                    monitor—session was monitored by intercept action


                    redirect—session was redirected by intercept action


                    replace—session was replaced by intercept action


                    hijack—session was hijacked by intercept action


                    insert—session was inserted by intercept action \\\hline
    Policy ID &	The matched policy ID \\\hline
    \multicolumn{2}{l}{\textbf{Source}} \\\hline
    Client IP &	Original session client IP address.  \\\hline
    Internal IP &	Internal region IP of the session (if applicable) \\\hline
    Client Port &	Client port utilized by the session  \\\hline
    Client Location &	Geographic location of the client IP \\\hline
    Client ASN &	BGP Autonomous System Number of the client IP \\\hline
    Subscriber ID &	Identifier of RADIUS Accounting for Subscriber Access (if applicable) \\\hline
    IMEI &	International Mobile Equipment Identity \\\hline
    IMSI &	International Mobile Subscriber Identity  \\\hline
    Phone Number &	The user’s phone number  \\\hline
    \multicolumn{2}{l}{\textbf{Destination}} \\\hline
    Server IP &	Original session server IP address \\\hline
    External IP	& External region IP of the session (if applicable)\\\hline
    Server Port &	Server port utilized by the session\\\hline
    Server Location &	Geographic location of the server IP\\\hline
    Server ASN &	BGP Autonomous System Number of the server IP\\\hline
    \multicolumn{2}{l}{\textbf{Application}} \\\hline
    User Define APP Name &	Customized App name \\\hline
    Application Label &	Application label associated with the session \\\hline
    Surrogate ID &	App surrogate ID \\\hline
    L7 Protocol &	Layer 7 Protocol associated with the session \\\hline
    Protocol Label &	Protocol associated with the session \\\hline
    FQDN Category &	Service category \\\hline
    L4 Protocol &	Transport layer protocol associated with the session \\\hline
    \multicolumn{2}{l}{\textbf{Transmission}} \\\hline
    Sessions &	Number of sessions with same client IP, server IP, Application, seen within 5 seconds\\\hline
    Packets Sent &	Number of client-to-server packets for the session\\\hline
    Packets Received &	Number of server-to-client packets for the session\\\hline
    Packets Sent (Diff)	& Diff number of client-to-server packets for the session\\\hline
    Packets Received (Diff)	& Diff number of server-to-client packets for the session\\\hline
    Bytes Sent &	Number of bytes in the client-to-server direction of the session\\\hline
    Bytes Received &	Number of bytes in the server-to-client direction of the session\\\hline
    Bytes Sent (Diff) &	Diff number of bytes in the client-to-server direction of the session\\\hline
    Bytes Received (Diff) &	Diff number of bytes in the server-to-client direction of the session\\\hline
    Fragmentation Packets(c2s) &	Number of IP fragment packets in client-to-server direction of the session\\\hline
    Fragmentation Packets(s2c) &	Number of IP fragment packets in server-to-client direction of the session\\\hline
    Sequence Gap Loss(c2s) &	Number of TCP gap loss packets in client-to-server direction of the session \\\hline
    Sequence Gap Loss(s2c) &	Number of TCP gap loss packets in server-to-client direction of the session \\\hline
    Unorder Packets(c2s) &	Number of TCP out of order packets in client-to-server direction of the session \\\hline
    Unorder Packets(s2c) &	Number of TCP out of order packets in server-to-client direction of the session \\\hline
    Packet Retransmission(c2s) &	Number of TCP retransmission packets in client-to-server direction of the session\\\hline
    Packet Retransmission(s2c) &	Number of TCP retransmission packets in server-to-client direction of the session\\\hline
    Byte Retransmission(c2s) &	Number of TCP retransmission bytes in client-to-server direction of the session \\\hline
    Byte Retransmission(s2c) &	Number of TCP retransmission bytes in server-to-client direction of the session \\\hline
    TCP Client ISN &	TCP uses a three-way handshake to establish a reliable connection. The connection is full duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other. The client chooses an initial sequence number (ISN), set in the first SYN packet. The ISN is the unique 32-bit sequence number assigned to each new connection in TCP-based data communication. An ISN is unique to each connection and is chosen separately by each device. ISNs are now selected using a random number to defeat malicious attacks.\\\hline
    TCP Server ISN &	The server also chooses its own initial sequence number, set in the SYN/ACK packet. Each side acknowledges each other's sequence number by incrementing it.\\\hline
    Mirrored Packets &	Number of mirrored packets \\\hline
    Mirrored Bytes &	Number of mirrored bytes\\\hline
    \multicolumn{2}{l}{\textbf{Other}} \\\hline
    Address Type &	IP protocol version associated with the session, 4 or 6 \\\hline
    Schema Type &	Protocol type: BASE, HTTP, MAIL, DNS, SSL, FTP, BGP, VoIP, RADIUS, QUIC, DoH, SIP, RTP, APP, GTP-C \\\hline
    Tunnels &	Information of tunnel \\\hline
    Stream Error &	Error information of stream\\\hline                  
\end{longtable}

%\pdfbookmark[1]{Log Fields per Protocol}{Log Fields per Protocol}
\section*{\hypertarget{link:Log Fields per Protocol}{Log Fields per Protocol}}
\addcontentsline{toc}{section}{Log Fields per Protocol}
\label{sec:appendix_c:protocol}

%\pdfbookmark[2]{HTTP}{HTTP}
\subsection*{\hypertarget{link:HTTP}{HTTP}}
\addcontentsline{toc}{subsection}{HTTP}
\label{sec:appendix_c:protocol:HTTP}

\begin{longtable}{p{0.33\textwidth}|p{0.61\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    \textbf{Http.URL} &	Uniform Resource Locator (URL) of current HTTP session \\\hline
    Http.Host &	Host of current HTTP session \\\hline
    \textbf{Http.Domain} &	Domain of current HTTP session \\\hline
    Http.Cookie &	Cookie of current HTTP session \\\hline
    Http.Referer &	Referer of current HTTP session \\\hline
    Http.User Agent &	User-Agent of current HTTP session \\\hline
    Http.Content Length &	Content Length of current HTTP session \\\hline
    Http.Content Type &	Content Type of current HTTP session \\\hline
    Http.Set Cookie &	Set Cookie of current HTTP session \\\hline
    Http.Version &	HTTP protocol version of current HTTP session, possible values are: http1, http2 \\\hline
    \tabincell{l}{Http.Response\\ Latency(ms)} &	HTTP response latency of current HTTP session \\\hline
    Http.Action File Size &	HTTP sub action profile size of current HTTP session, possible sub actions are:


                            alert


                            hijack


                            insert \\\hline
    Http.Session Duration(ms) &	Duration time of current HTTP session \\\hline
    HTTP.Request Body &	The request body to current HTTP session \\\hline
    HTTP.Response Body &	The response body to current HTTP session \\\hline

\end{longtable}

%\pdfbookmark[2]{MAIL}{MAIL}
\subsection*{\hypertarget{link:MAIL}{MAIL}}
\addcontentsline{toc}{subsection}{MAIL}
\label{sec:appendix_c:protocol:MAIL}

\begin{longtable}{p{0.26\textwidth}|p{0.68\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    Mail.Protocol Type &	Specific mail protocol type of current Mail session, possible values are: smtp, imap, pop \\\hline
    Mail.Account &	Account of current Mail session \\\hline
    Mail.From CMD &	From information of current Mail session \\\hline
    Mail.To CMD &	To information of current Mail session \\\hline
    Mail.From &	Sender account of current mail session \\\hline
    Mail.To &	Receiver account of current mail session \\\hline
    Mail.CC &	Mail carbon copy account of current mail session \\\hline
    Mail.BCC &	Mail blind carbon copy account of current mail session \\\hline
    Mail.Subject &	Subject of current mail session \\\hline
    Mail.Attachment &	Attachment name of current mail session \\\hline
    Mail.EML File &	EML file download link of current mail session    \\\hline
\end{longtable}

%\pdfbookmark[2]{DNS}{DNS}
\subsection*{\hypertarget{link:DNS}{DNS}}
\addcontentsline{toc}{subsection}{DNS}
\label{sec:appendix_c:protocol:DNS}

\begin{longtable}{p{0.29\textwidth}|p{0.65\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    Dns.Message ID &	Message identifier of current DNS session \\\hline
    Dns.QR &	Query/Response Flag of current DNS session \\\hline
    Dns.OPCODE &	Operation Code of current DNS session \\\hline
    Dns.AA &	Authoritative Answer Flag of current DNS session \\\hline
    Dns.TC &	Truncation Flag of current DNS session \\\hline
    Dns.RD &	Recursion Desired of current DNS session \\\hline
    Dns.RA &	Recursion Available of current DNS session \\\hline
    Dns.RCODE &	Response Code of current DNS session \\\hline
    Dns.QDCOUNT &	Question Count of current DNS session \\\hline
    Dns.ANCOUNT &	Answer Record Count of current DNS session \\\hline
    Dns.NSCOUNT &	Authority Record Count of current DNS session \\\hline
    Dns.ARCOUNT &	Additional Record Count of current DNS session \\\hline
    Dns.QNAME &	Query domain name of current DNS session \\\hline
    Dns.QTYPE &	Query type of current DNS session \\\hline
    Dns.QCLASS &	Query class of current DNS session \\\hline
    Dns.cname &	Canonical Name Record of current DNS session \\\hline
    Dns.SUB &	Extension description of current DNS session, possible values are: dns, dnssec \\\hline
    Dns.RR &	Resource records of current DNS session \\\hline    
\end{longtable}

%\pdfbookmark[2]{SSL}{SSL}
\subsection*{\hypertarget{link:SSL}{SSL}}
\addcontentsline{toc}{subsection}{SSL}
\label{sec:appendix_c:protocol:SSL}

\begin{longtable}{p{0.3\textwidth}|p{0.64\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    \textbf{SSL.SNI} &	Server Name Indication of current SSL session \\\hline
    SSL.SAN &	Subject Alternative Name of current SSL session \\\hline
    SSL.CN &	Common Name of current SSL session \\\hline
    SSL.Pinning &	Pinning status of current SSL session, possible values are:


                    0-not pinning 


                    1-pinning 


                    2-maybe pinning \\\hline
    SSL.Intercept State &	Intercept State of current SSL session, possible values are:


                            0-passthrough: not decrypted


                            1-intercept: decrypted


                            2-shutdown: connection shut down due to exception\\\hline
    \tabincell{l}{SSL.Server Side\\ Latency(ms)} &	Server side establish latency of current SSL session \\\hline
    \tabincell{l}{SSL.Client Side\\ Latency(ms)} &	Client side establish latency of current SSL session \\\hline
    SSL.Server Side Version &	Server-side SSL version of current session, possible values are:


                                SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, unknown \\\hline
    SSL.Client Side Version &	Client-side SSL version of current session, possible values are:


                                SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, unknown \\\hline
    SSL.Certificate Verify &	Certificate verify status of current SSL session, possible values are:


                                0-passed


                                1-failed \\\hline
    SSL.Error &	Error message of current SSL session \\\hline
    SSL.JA3 hash &	JA3 fingerprint of current SSL session, represented as an MD5 hash \\\hline
    SSL.Connection Latency(ms)  &	SSL handshake latency time  \\\hline
    SSL.Issuer  &	SSL certificate issuer\\\hline
    SSL.Subject  &	SSL certificate owner\\\hline
                                                               
\end{longtable}

%\pdfbookmark[2]{QUIC}{QUIC}
\subsection*{\hypertarget{link:QUIC}{QUIC}}
\addcontentsline{toc}{subsection}{QUIC}
\label{sec:appendix_c:protocol:QUIC}

\begin{longtable}{p{0.31\textwidth}|p{0.63\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    Quic.Version &	Version of current QUIC session \\\hline 
    Quic.SNI &	Server Name Indication of current QUIC session \\\hline 
    Quic.User Agent &	User Agent of current QUIC session \\\hline     
\end{longtable}   

%\pdfbookmark[2]{DoH}{DoH}
\subsection*{\hypertarget{link:DoH}{DoH}}
\addcontentsline{toc}{subsection}{DoH}
\label{sec:appendix_c:protocol:DoH}

\begin{longtable}{p{0.23\textwidth}|p{0.71\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    DoH.URL &	Uniform Resource Locator (URL) of current DoH session \\\hline
    DoH.Host &	Host of current DoH session \\\hline
    DoH.Cookie &	Cookie of current DoH session \\\hline
    DoH.Referer &	Referer of current DoH session \\\hline
    DoH.User Agent &	User Agent of current DoH session \\\hline
    DoH.Version &	HTTP Version of current DoH session, possible values are: http1, http2 \\\hline
    DoH.Message ID &	Message ID of current DoH session \\\hline
    DoH.QR &	Query/Response Flag of current DoH session \\\hline
    DoH.OPCODE &	Operation Code of current DoH session \\\hline
    DoH.AA &	Authoritative Answer Flag of current DoH session \\\hline
    DoH.TC &	Truncation Flag of current DoH session \\\hline
    DoH.RD &	Recursion Desired of current DoH session \\\hline
    DoH.RA &	Recursion Available of current DoH session \\\hline
    DoH.RCODE &	Response Code of current DoH session \\\hline
    DoH.QDCOUNT &	Question Count of current DoH session \\\hline
    DoH.ANCOUNT &	Answer Record Count of current DoH session \\\hline
    DoH.NSCOUNT &	Authority Record Count of current DoH session \\\hline
    DoH.ARCOUNT &	Additional Record Count of current DoH session \\\hline
    DoH.QNAME &	Query domain name of current DoH session \\\hline
    DoH.QTYPE &	Query type of current DoH session \\\hline
    DoH.QCLASS &	Query class of current DoH session \\\hline
    DoH.CNAME &	Canonical Name Record of current DoH session \\\hline
    DoH.SUB &	Extension description of current DoH session, possible values are: dns, dnssec \\\hline
    DoH.RR &	Resource records of current DoH session \\\hline    
\end{longtable} 

%\pdfbookmark[2]{FTP}{FTP}
\subsection*{\hypertarget{link:FTP}{FTP}}
\addcontentsline{toc}{subsection}{FTP}
\label{sec:appendix_c:protocol:FTP}

\begin{longtable}{p{0.3\textwidth}|p{0.64\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    Ftp.Account &	Account of current ftp session \\\hline
    Ftp.URL &	Uniform Resource Locator (URL) of current ftp session \\\hline
    Ftp.Content &	File content of current ftp session   \\\hline
    FTP.Link Type &	FTP link type \\\hline
\end{longtable} 

%\pdfbookmark[2]{SIP}{SIP}
\subsection*{\hypertarget{link:SIP}{SIP}}
\addcontentsline{toc}{subsection}{SIP}
\label{sec:appendix_c:protocol:SIP}

\begin{longtable}{p{0.33\textwidth}|p{0.61\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    SIP.Call-ID &	Call identifier of current SIP session \\\hline
    SIP.Originator &	Originator description of current session \\\hline
    SIP.Responder &	Responder description of current session \\\hline
    SIP.User-Agent &	A user agent is a logical network endpoint that sends or receives SIP messages and manages SIP sessions. \\\hline
    SIP.Server &	A network server with UAC and UAS components \\\hline
    SIP.Originator IP &	IP address of the originator \\\hline
    SIP.Originator Port &	Port of the originator \\\hline
    SIP.Originator Media Type &	The media type of the originator \\\hline
    SIP.Originator Content &	The content information of the originator, using Session Description Protocol(SDP) \\\hline
    SIP.Responder IP &	IP address of the responder \\\hline
    SIP.Responder Port &	Port of the responder \\\hline
    SIP.Responder Media Type &	The media type of the responder \\\hline
    SIP.Responder Content &	The content information of the responder using Session Description Protocol(SDP) \\\hline
    SIP.Duration &	Duration time of current SIP session \\\hline
    SIP.Bye &	Signals termination of a dialog and ends a call. This message may be sent by either endpoint of a dialog. \\\hline
\end{longtable} 

%\pdfbookmark[2]{RTP}{RTP}
\subsection*{\hypertarget{link:RTP}{RTP}}
\addcontentsline{toc}{subsection}{RTP}
\label{sec:appendix_c:protocol:RTP}

\begin{longtable}{p{0.27\textwidth}|p{0.67\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    RTP.Payload(c2s) &	Payload type encodings sequence number of c2s \\\hline
    RTP.Payload(s2c) &	Payload type encodings sequence number of s2c \\\hline
    RTP.PCAP &	Packet capture path; there may be two paths for asymmetric traffic. \\\hline
    RTP.Direction & {\tabincell{l}{Originator direction. \\
                    0: unknown \\
                    1: c2s \\
                    2: s2c }}	\\\hline
\end{longtable} 

\subsection*{\hypertarget{link:GTP-C}{GTP-C}}
\addcontentsline{toc}{subsection}{GTP-C}
\label{sec:appendix_c:protocol:GTP-C}

\begin{longtable}{p{0.27\textwidth}|p{0.67\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    Version &	GTP-C version number \\\hline
    APN &	Access Point Name \\\hline
    IMEI &	International Mobile Equipment Identity \\\hline
    IMSI &	International Mobile Subscriber Identity \\\hline
    Phone Number &	Phone Number \\\hline
    Uplink TEID &	Uplink TEID \\\hline
    Downlink TEID &	Downlink TEID \\\hline
    Message Type &	Create, modify, delete \\\hline
    End User Address V4 &	End user IPv4 address \\\hline
    End User Address V6 &	End user IPv6 address \\\hline
\end{longtable} 

%\pdfbookmark[2]{RADIUS}{RADIUS}
\subsection*{\hypertarget{link:RADIUS}{RADIUS}}
\addcontentsline{toc}{subsection}{RADIUS}
\label{sec:appendix_c:protocol:RADIUS}

\begin{longtable}{p{0.29\textwidth}|p{0.65\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    Packet Type &	Packet type of current radius session, possible values are:


                    1- Access-Request


                    2- Access-Accept


                    3- Access-Reject


                    4- Accounting-Request


                    5- Accounting-Response


                    11-Access-Challenge \\\hline
    Account &	RADIUS account of current radius session \\\hline
    \textbf{Nas IP *} &	NAS device IP of current radius session \\\hline
    \textbf{Framed IP *} &	IP address assigned by RADIUS server to user of current radius session \\\hline
    Session Timeout &	Timeout of current radius session \\\hline
    Idle Timeout &	Maximum idle time of current radius session \\\hline
    ACC Status Type * &	Account status type of current radius session, possible values are:


                        1-Start


                        2-Stop


                        3-Interim-Update \\\hline
    \tabincell{l}{Acct Terminate\\ Cause} &	Account terminating reason of current radius session, possible values are:


                                            1-User Request


                                            2-Lost Carrier


                                            3-Lost Service


                                            4-Idle Timeout


                                            5-Session Timeout


                                            6-Admin Reset


                                            7-Admin Reboot


                                            8-Port Error


                                            9-NAS Error


                                            10-NAS Request


                                            11-NAS Reboot


                                            12-Port Unneeded


                                            13-Port Preempted


                                            14-Port Suspended


                                            15-Service Unavailable


                                            16-Callback


                                            17-User Error


                                            18-Host Request \\\hline
    Event Timestamp &	Dial-in user request event time stamp of current radius session \\\hline
    Service Type &	Dial-in user request authentication type, possible values are:


                    2(Framed): A Framed Protocol should be started for the User, such as PPP or SLIP.


                    5(Outbound): The user should be granted access to outgoing devices. 


                    10(Call Check): Used by the NAS in an Access-Request packet to indicate that a call is being received and that the RADIUS server should send back an Access-Accept to answer the call. \\\hline
    Nas Port &	NAS-Port of current radius session \\\hline
    Framed Protocol &	Framed Protocol of current radius session, possible values are:


                        1-PPP


                        2-SLIP


                        3-AppleTalk Remote Access Protocol (ARAP)


                        4-Gandalf proprietary SingleLink/MultiLink protocol


                        5-Xylogics proprietary IPX/SLIP


                        6-X.75 Synchronous \\\hline                                                                                
    Callback Number &	A dialing number to be used for callback of current radius session \\\hline
    Callback ID &	Callback Identifier of current radius session \\\hline
    Termination Action &	Action the NAS should take when the specified service is completed, possible values are:


                            0-Default


                            1-RADIUS-Request \\\hline
    Called Station Id &	NAS device Identifier of current radius session \\\hline
    Calling Station Id &	Client Identifier of current radius session \\\hline
    Acct Delay Time &	Indicates how many seconds the user has been trying to send record of current radius session \\\hline
    Acct Session ID &	A unique accounting ID of current radius session \\\hline
    Acct Multi Session ID &	A unique Accounting ID to make it easy to link together multiple related sessions \\\hline
    Acct Input Octets &	Input bytes of current radius account \\\hline
    Acct Output Octets &	Output bytes of current radius account \\\hline
    Acct Input Packets &	Input Packets of current radius account \\\hline
    Acct Output Packets &	Output Packets of current radius account \\\hline
    Acct Session Time &	Indicates how many seconds the user has received service for \\\hline
    Acct Link Count &	Count of links which are known to have been in a given multilink session at the time the accounting record is generated \\\hline
    Acct Interim Interval &	Indicates the number of seconds between each interim update \\\hline                            
\end{longtable} 

%\pdfbookmark[2]{APP}{APP}
\subsection*{\hypertarget{link:APP}{APP}}
\addcontentsline{toc}{subsection}{APP}
\label{sec:appendix_c:protocol:APP}

\begin{longtable}{p{0.3\textwidth}|p{0.64\textwidth}}   
    \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}}  & \textcolor{white}{Description} \\\hline
    APP.Extra Info  &	Detail information about the application. \\\hline
\end{longtable}